1. Controller

Andrii Pylypchuk — Bergmannweg 16, 65934 Frankfurt am Main, Germany
Email: andrii.it.info@gmail.com
Full legal information in our Impressum.

2. Data We Collect

• Account data: Email address, bcrypt-hashed password, registration timestamp.
• API credentials: Binance API key and secret, stored AES-128 encrypted. Never transmitted in plain text.
• Trading data: Bot configuration, trade history (symbol, price, quantity, P&L), algorithm parameters.
• Telegram: Telegram chat ID (if you choose to link your account).
• Payment data: Payment processing is handled by Stripe. We do not store card numbers. We receive subscription status and Stripe customer ID.
• Technical data: IP address in server logs (max. 7 days retention), session cookies.

3. Legal Basis (GDPR Art. 6)

• Art. 6(1)(b): Contract performance — to provide the trading bot service you signed up for.
• Art. 6(1)(a): Consent — for marketing emails and optional Telegram notifications (withdraw anytime).
• Art. 6(1)(f): Legitimate interest — fraud prevention, service security, aggregate analytics.
• Art. 6(1)(c): Legal obligation — tax/invoicing records for paid subscriptions.

4. Cookies

We use the following cookies:

We do not use third-party tracking or advertising cookies.

5. Data Sharing

We do not sell your data. We share data only with:

• Stripe Inc. — payment processing (USA, adequacy decision / SCCs apply).
• Binance — your API key is sent only when placing actual trades on your behalf.
• Telegram — only if you link your account; limited to notification messages.
• Hosting provider — server infrastructure in the EU.

6. Your Rights (GDPR Art. 15–22)

• Access (Art. 15): Request a copy of all data we hold about you.
• Rectification (Art. 16): Correct inaccurate data.
• Erasure (Art. 17): Delete your account — your personal data will be anonymized.
• Portability (Art. 20): Export your data in machine-readable format.
• Objection (Art. 21): Object to processing based on legitimate interest.
• Right to complain: File a complaint with the supervisory authority in your EU member state.

To exercise your rights, use the "Delete Account" feature in your profile or contact us via the Impressum.

7. Data Retention

• Account data: retained until account deletion, then anonymized immediately.
• Trade records: anonymized aggregate records retained for up to 3 years for financial integrity.
• Server logs: max. 7 days.
• Invoices: 10 years per German tax law (§147 AO).

8. Security

We implement TLS encryption in transit, AES-128 encryption at rest for API keys, bcrypt password hashing, rate limiting, CSRF protection, and Content Security Policy headers. No security measure is 100% guaranteed.

9. Changes

We will notify registered users by email of material changes to this policy at least 14 days in advance.